INTRODUCTION


Knowledge is power


The volume and sophistication of new cyber
threats are unrelenting, but there are ways
to effectively deal with them and enable 
your business to be more secure. One 
critical way is through in-depth research 
that provides access to the methods and 
means of cybercriminals and expands the 
knowledge of how to better protect our 
world against cyberattacks. 


To win against cyber threats, governments,
universities, research institutions and
private businesses must join together
with the shared goals of understanding
and anticipating the evolving threat
environment, creating new cybersecurity
technologies, and delivering innovation
that continuously strengthens our
digital protection.





Built into our security DNA, Trend Micro 
Research is at the forefront of understanding 
the global cybersecurity challenges facing 
our increasingly connected world. Our 
large, global team of dedicated experts 
enables us to provide our customers, public 
and private partners, and the broader digital
community with in-depth information
about threats, both current and emerging.
Trend Micro Research is also instrumental in 
guiding the development of security tools to 
protect against these threats. 


In this ebook, you'll learn about the eight 
critical areas of cybersecurity and threat 
research on which Trend Micro Research 
focuses every day, in multiple locations 
around the world, and how this expert 
knowledge can be a powerful tool in 
protecting your organization, freeing you to 
focus on your business. 
THE MALWARE EVOLUTION


How we got where we are today


The continuous search for knowledge


The only effective way to keep up with rapidly evolving threats and protect our digital assets, businesses, 
governments and critical infrastructure is through constant, comprehensive research. 


Unlike the early days of malware when there were only a few variations to track, today's cybersecurity 
research must cover a broad array of attack surfaces, methods and technologies. This includes analyzing 
the evolving tactics, techniques and procedures (TTPs) used by adversaries in sophisticated attacks such
as advanced persistent threats (APTs). Researchers must also go “undercover” to where the bad actors 
are, anywhere in the world, to uncover new threats and trends. 


Trend Micro Research covers all of these areas and more. It helps identify millions of threats daily and 
publishes innovative research on cybersecurity issues. As a leading provider of cybersecurity research and 
a partner to law enforcement, government, and other public entities, Trend Micro Research focuses on the 
critical components of today's cybersecurity landscape: 
• Threats
• Vulnerabilities and exploits
• Targeted attacks and advanced persistent threats
• Artificial intelligence and machine learning
• Internet of things (IoT), industrial internet of things (IIoT), and operational technology (OT)
• The underground
• The threat landscape





Turning Knowledge into Power | 6 


#1: Cyber threats


Ongoing research and analysis of malware and threats provide a deeper understanding of how and why they work. This insight helps not only Trend Micro but also the broader cybersecurity community, businesses, and organizations improve prevention as well as threat detection and response.


For more than 32 years, Trend Micro Research has been analyzing malware and threats, turning its findings into actionable intelligence. Today the organization takes advantage of sophisticated tools for automation, machine learning and artificial intelligence (AI) to identify new threats more quickly and accurately than ever before. Experts then use re-engineering techniques to dissect the threats and understand how they are intended to work.


Our research coverage of malware and threats is both broad and deep, spanning across:

• Malware threats such as viruses, worms, Trojans, mobile malware, backdoors, remote access Trojans (RATs), fileless attacks, and others

• Web threats, including drive-bys, malvertisements, redirects, domain generation algorithms (DGAs) and command-and-control (C&C) servers

• Messaging threats such as spam, phishing, spear phishing, and business email compromise (BEC), as well as which internet protocol (IP) addresses are sending malicious emails


WHAT THIS MEANS FOR YOUR ORGANIZATION

54 BILLION THREATS were blocked by Trend Micro in 2019 thanks to intelligence generated by Trend Micro Research.

More than 46,000 command and control (C&C) servers were discovered and blocked by Trend Micro in 2019. Blocking cybercriminal infrastructure protects your organization from threats based on these sources, as well as exfiltration of stolen data.





#2: Vulnerabilities and exploits 


Vulnerabilities are programming flaws that
can be exploited by cybercriminals to bypass
security and gain access to a system or
network. An exploit is code that can be used
to take advantage of a vulnerability. When
a new vulnerability is discovered, it’s a race
against time to patch it before exploits can be
developed and deployed by bad actors.


Unfortunately, the number of vulnerabilities
published every year continues to grow,
with 21,273 published in 2019.¹ That's why
vulnerability research is essential in the fight
against cyber threats. Vulnerability research
identifies vulnerabilities in systems before
they can be discovered and exploited for
malicious purposes.


Trend Micro Research is the leader in
vulnerability research, disclosing more than
52% of all publicly disclosed vulnerabilities in
2019 from 11 vendors in the study, according
to analysis from Omdia. Through its Zero Day
Initiative (ZDI) bug bounty program, Trend
Micro is now a top reporter of Microsoft® and
Adobe® vulnerabilities and a top reporter of
vulnerabilities to ICS-CERT (part of the National
Cybersecurity and Communications Integration
Center focused on industrial control systems).
Trend Micro Research identifies and discloses
new vulnerabilities across a wide range of
platforms, including:


• Operating systems (Windows®, Linux®
and Mac, among others)

• Applications (consumer and business)

• Mobile devices

• Industrial control systems and
critical infrastructure


1. “Common Vulnerabilities and Exposures List,” The MITRE Corporation.
Competing to find vulnerabilities in critical systems


The world’s largest vendor-agnostic bug bounty program, Trend Micro Zero Day [...] of zero-day vulnerabilities to [...] affected vendors by financially rewarding researchers through incentive programs.

The ZDI program uses a Targeted Incentive Program and sponsored hacking contests to focus researchers’ attention on uncovering vulnerabilities in critical applications, operating systems, devices, [...]

[...] previously unknown vulnerabilities. The contest demonstrates the vulnerability of [...] progress on fixing previously disclosed issues. Always focused on the evolving threat landscape, Pwn2Own Vancouver 2019 included a new automotive category, which resulted in the awarding of a Tesla Model 3. In January 2020, Pwn2Own Miami debuted with a focus on vulnerabilities in industrial control systems, and Pwn2Own 2020 in [...]


WHAT THIS MEANS FOR YOUR ORGANIZATION

Trend Micro [...] immediately upon vulner[...] In addition, Trend Micro customers are protected [...] release [...] patch for a [...]
#3: Targeted attacks and advanced persistent threats


When threat actors want to breach a specific organization, they often use targeted attacks and advanced persistent threats (APTs). Whether
they are after personal information, financial or payment data, medical information, credentials, intellectual property or some other target,
cybercriminals often utilize an attack lifecycle that includes:


• Gathering open-source intelligence (OSINT) about their victims, from sources such as LinkedIn, Facebook and other social media

• Developing and deploying an initial attack vector

• Establishing command-and-control (C&C) connectivity

• Laterally moving across the victim's network

• Identifying assets to steal

• Exfiltrating stolen data

• Initiating a maintenance stage to maintain persistence


[Figure: attack lifecycle stages: intelligence gathering, point of entry, C&C communication, lateral movement, asset and data discovery, data exfiltration. Maintenance: attackers will do their best to maintain their foothold inside [...] these stages.]







[...] as detect when a breach has occurred and remediate it.


Trend Micro researchers regularly analyze attacks against organizations, providing insight into each step of the attack life cycle and how best to protect against it. A rece[...] from Trend Micro's participation in the MITRE ATT&CK evaluation, which MITRE taking on the persona of APT29, a threat group that has been attributed to the Russian government. This resulted in Trend Micro being ranked among the top tier of EDR vendors for our detection [...] of visibility they need when looking into detailed attacker activity-showi[...] detection capabilities (especially higher confidence detections) across t[...]

Our detection coverage results would have remained strong without hum[...]


Trend Micro gives you visibility into threats across your entire technology infrastructure to help identify attackers as they attempt to laterally move across a network. We do this by collecting threat intelligence from mobile, endpoint, server workloads (physical, virtual, cloud and containers), network, messaging, and gateway instances to correlate attack data.

Findings from Trend Micro Research contribute to the comprehensive defense and analytics capabilities of our products, which are used globally to identify targeted attacks and advanced threats. Trend Micro uses specialized engines, lateral movement detection, custom sandboxing, and seamless correlation across the entire attack lifecycle to detect threats.
#4: Artificial intelligence and machine learning


Artificial intelligence (AI) and machine learning (the method that helps AI-based systems get smarter) are critical capabilities for cybersecurity research and solutions, helping detect spam, phishing, exploits, and many other threats or attacks far faster and more accurately than humans.

Trend Micro researchers and data scientists have been working with these technologies since 2005, developing solutions to combat threats where AI and machine learning can be used to improve detection. Some of the many areas of use include detection of spam, phishing, malware, macro malware, exploits, malicious URLs and domains, social media threats, ransomware, business email compromise (BEC), targeted attacks, and domain generation algorithms (DGAs), as well as identification of good files.

Many forward-looking researchers are included in this group within Trend Micro Research. These researchers consider how AI and machine learning will be utilized to combat cyber threats in the future, as well as how cybercriminals may themselves use AI and machine learning to increase the frequency and success of attacks.


WHAT THIS MEANS FOR YOUR ORGANIZATION

More than 20 APPLIC[...] AI and machine learning [...] incorporated into Trend [...] giving you access to stat[...] security with advance[...] capabilities.

Recently MORE TH[...] Trend Micro employe[...] an AI-focused development contest to improve their understanding o[...] AI applications. This commitment and broad support across the company fosters further [...] technology.





#5: IoT, IIoT, OT


Smart homes, smart factories, smart cars, and
smart transportation systems are all part of
the next wave of innovation that will transform
how people and organizations use technology.
However, cybercriminals and bad actors are
also eager to exploit vulnerabilities in the
devices, software, protocols, and apps used in
the internet of things (IoT), industrial internet
of things (IIoT), and operational technology
(OT) that increasingly connects and controls
our homes, businesses, factories and public
infrastructure. Trend Micro researchers study
these areas to better understand how these
technologies are currently being used, how
they could be used in the future, and how threat
actors could potentially abuse them. Examples
of our research areas include:


• Exploitation of vulnerabilities in robotic
manufacturing and radio frequency (RF)
equipment used in industrial machines

• Hacking of medical devices used in
healthcare facilities

• Hijacking the communication protocols used
by drones that have been approved for use
over large groups of people

• Exploitation of consumer devices, such as
kitchen appliances, smart TVs, and more,
that are increasingly connected to the
internet
WHAT THIS MEANS FOR YOUR ORGANIZATION


Trend Micro's Smart Home Network
solutions identified MORE THAN
1.8 BILLION malicious events on our
customers’ home networks in 2019.


We launched Trend Forward Capital, a
venture capital firm that is investing
US$100 MILLION in support of
unique IoT-focused companies.


We also recently launched a joint
venture, TXOne Networks,
focussed on helping Trend Micro
be a leader in IoT security in
the years to come.
#6: The criminal underground


Criminal underground communities can be a valuable source of information on everything from which cybercriminal groups are currently active to new TTPs used in the latest attacks. However, threat actors don't work in an isolated area of the world; an actor in Russia may target an organization in the U.S. or South America. To have visibility into the entire threat landscape, researchers are needed within many regions throughout the world to collect and investigate threats and actor information.

Trend Micro employs researchers around the globe to analyze the many criminal undergrounds that exist, including those in Russia, China, North and South America, France, Germany, Japan, West Africa, and the Middle East.

Having regionally-supported researchers is critical, as many of these undergrounds operate based on local languages, norms and values, which researchers must understand in order to gain access to and participate in the community. This research gives Trend Micro valuable insight and threat intelligence that are used to protect customers from the threats employed by these bad actors.


[Map legend: countries and regions in which we have launched investigations over the last few years; Research Centers. Labels: Russia, China, Nanjing, Tokyo, Japan, West Africa, United States, Brazil.]


WHAT THIS MEANS FOR YOUR ORGANIZATION

Trend Micro operates 15 GLOBAL RESEARCH CENTERS for maximum coverage. We use the knowledge gained from research into criminal underground communities to improve our products and the protections used against the threats launched by these actors. This knowledge also helps to inform how we react to threats and helps our customers respond effectively to new attacks.





What will cyber threats be like in six months?
Twelve months? Five years? How will malware
continue to change and evolve? Which new
forms of attacks will emerge?


Exploring and understanding all of these are
the focus of forward-looking threat research:
to anticipate the future threat landscape and
which challenges enterprises, organizations and
governments will face as they move to protect
themselves and their customers, employees and
constituents against new threats.


Trend Micro Research includes dedicated
security experts who analyze the existing
threat landscape and the overall computing
landscape, including changes to infrastructure.
They identify current and emerging trends,
technologies, user behavior and market
and geopolitical shifts that help them build
predictive models of what the threat landscape
will look like at intervals in the future.


The results of this research are published on
a regular basis and available for business,
technology and government leaders to use as
a planning tool and guidance for cybersecurity
strategies.


[Image: “Mapping the Future: Dealing With Pervasive and Persistent Threats”]
WHAT THIS MEANS FOR YOUR ORGANIZATION


Trend Micro's history of i 
and hundreds of pate 
commitment to the dev 
technologies and solut 
our customers in the f 
researchers work dir 
Trend Micro produ 
teams to build proof-c 
and ultimately embed 
new capabilities to 
customers. 
Everyone benefits from Trend Micro Research


It takes the collective efforts of many to thwart the malicious efforts of a few bad actors. By contributing analysis, insight and understanding across all seven critical areas explained in this ebook, Trend Micro Research helps improve cybersecurity for everyone.





Customers

Product development: Trend Micro Research
provides product development teams with insights
into how to protect against threats, which helps
us improve protection capabilities and build
new solutions for our customers. This process
allows us to continually bring innovative new
technologies and solutions to the market.


Threat intelligence: The Smart Protection
Network is a global threat intelligence machine
that collects, identifies, and helps protect
Trend Micro customers from new threats. This
24/7/365 infrastructure is where many of the
new protection capabilities are hosted once they
are identified and published, delivering increased
protection for our consumer, business and
government customers around the world.





Public and private partnerships

Trend Micro is active in public and private partnerships
that focus on helping organizations around
the world improve cybersecurity. For example,
we work extensively with law enforcement organizations
such as the U.S. Federal Bureau of
Investigation and the U.S. Secret Service. We
also have a researcher on staff at Interpol Cyber
Headquarters in Singapore to help with investigations
aimed at bringing cybercriminals to justice.
Part of this interaction includes working with
organizations that can help dismantle criminal
infrastructures, including botnets.


We are partners with Information Sharing and
Analysis Centers (ISACs) and the Consortium for
Electric Reliability Technology Solutions (CERTS)
for the infrastructure industry, as well as the
Health Information Trust Alliance (HITRUST),
which focuses on information security for the
healthcare industry. We partner with several major
healthcare providers in the U.S. to improve the
sharing process for threat intelligence.


Technology vendors

We help vendors of operating systems and
applications such as Adobe, Microsoft, and VMware
create patches against vulnerabilities ahead of public
disclosure. We're also committed to long-standing
relationships with leading software vendors and the
research community to influence the importance of
security in the product development life cycle.


IoT/IIoT manufacturers

Trend Micro helps IoT and IIoT manufacturers
improve the security of their products and the
wider IoT/IIoT ecosystem, enhancing protection
throughout the entire device lifecycle. In fact,
Trend Micro and Moxa, a leader in OT technology,
recently launched a joint venture called TXOne
Networks to focus on securing industrial systems.


Conclusion 


Committed to securing our increasingly connected world, Trend Micro invests heavily in security research capabilities as well as the people who perform these functions,
recognizing that threat actors never stop and are constantly changing how they attack people and organizations around the globe. This investment allows us to turn
knowledge into power, providing critical information for use in our products as well as fueling innovation in new technologies to protect against threats today and those that
will come in the future.


Stay up-to-date on the latest threats and the shifts in cybercriminal activities by following our blogs, research 
reports, and security reports within our Research section on our website. 


About Trend Micro Research 


Trend Micro, a global leader in cybersecurity, helps to make the world safe for exchanging digital information. Our innovative solutions provide our customers with layered 
security for data centers, cloud workloads, networks, and endpoints. 


At the heart of our leadership, Trend Micro Research is powered by experts who are passionate about discovering new threats, sharing key insights with the public, and 
supporting efforts to stop cybercriminals. Our global team helps identify millions of threats daily, leads the industry in vulnerability disclosures, and publishes innovative 
research on targeted attacks, artificial intelligence, Internet of Things (IoT), cybercriminals, and more. We continually work to anticipate the next wave of threats and
deliver thought-provoking research that can shape strategic industry direction. 


For more information, visit www.trendmicro.com 